CVE-2024-13599
- EPSS 0.3%
- Published 25.01.2025 08:15:10
- Last modified 04.02.2025 18:13:20
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible ...
CVE-2024-9881
- EPSS 0.36%
- Published 12.12.2024 06:15:24
- Last modified 07.05.2025 12:45:39
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...
CVE-2024-10010
- EPSS 0.44%
- Published 12.12.2024 06:15:18
- Last modified 07.05.2025 13:28:46
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...
CVE-2024-11868
- EPSS 1.11%
- Published 10.12.2024 13:15:15
- Last modified 08.04.2026 18:19:34
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers t...
CVE-2024-8529
- EPSS 11.83%
- Published 12.09.2024 09:15:05
- Last modified 08.04.2026 19:22:26
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient esca...
CVE-2024-8522
- EPSS 61.36%
- Published 12.09.2024 09:15:05
- Last modified 08.04.2026 19:22:26
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escapi...
CVE-2024-39641
- EPSS 0.19%
- Published 26.08.2024 21:15:23
- Last modified 18.09.2024 16:57:25
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-39642
- EPSS 0.39%
- Published 13.08.2024 11:15:17
- Last modified 15.04.2026 00:35:42
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-7548
- EPSS 0.62%
- Published 08.08.2024 06:15:42
- Last modified 08.01.2025 21:07:57
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of suf...
CVE-2024-6589
- EPSS 0.81%
- Published 25.07.2024 11:15:10
- Last modified 21.11.2024 09:49:56
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, wit...